You are probably running into these issues: https://issues.apache.org/jira/browse/WSS-231 https://issues.apache.org/jira/browse/WSS-424
Essentially, the ordering is the problem (I suspect). Colm. On Tue, Apr 23, 2013 at 3:13 PM, Andrew Hart <[email protected]> wrote: > Upgrading to a newer version is difficult in some DoD settings where > there are lists of "approved" open source software and versions. > Believe me, I'm not using out of date software by choice. > I am constrained to use JBoss AS 6.x, which contains CXF 2.3.1, which I > *think* contains WSS4J 1.5.8. I'm lobbying to upgrade some of this > but, if I am allowed to do so, it will be by upgrading JBossWS-CXF in > that version of JBoss and I won't be surprised if that opens up a > completely different can of worms. > > What I am really asking for here is a basic explanation of the actions. > If the WSS4J action is on an inbound interceptor is "signature", then > what parts need to be signed? If the actions are "timestamp signature", > then does that mean the timestamp is expected to be signed? If the > action is encrypt, then what needs to be encrypted, the head, the body, > the entire envelope? That sort of thing. Is there some documentation, > or does everybody just debug step through the code and have to figure it > out for themselves? My configuration below looked ok to you?? > > -----Original Message----- > From: Colm O hEigeartaigh [mailto:[email protected]] > Sent: Tuesday, April 23, 2013 4:02 AM > To: [email protected] > Subject: Re: Understanding WSS4J actions > > Newer versions of CXF do not require that the actions match in the exact > order, but only that they match in some order. So your best bet is to > upgrade to a newer version. > > Colm. > > > On Mon, Apr 22, 2013 at 11:04 PM, Andrew Hart <[email protected]> wrote: > > > Ok, wrt my earlier message, I decided to just go ahead and write a > > simple java web service client rather than try to figure out why > > SoapUi wasn't working. > > Unfortunately, I'm back into "actions mismatch" hell. > > > > I understand that the actions need to match up on the client request > > to the server, i.e., from the client OutInterceptor to the server > > InInterceptor and that the inverse is true, From the server response > > OutInterceptor to the client InInterceptor. > > > > So, my client is configured like this in a cxf.xml file: > > (note: the jaxws:client element didn't work for me and I had to > > replace it with the cxf:bus before my interceptors would load.) > > ---------------------------------------------------------------------- > > -- > > ----------------- > > > > <beans xmlns="http://www.springframework.org/schema/beans"; > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > > xmlns:jaxws="http://cxf.apache.org/jaxws"; > > xmlns:cxf="http://cxf.apache.org/core"; > > xsi:schemaLocation="http://cxf.apache.org/core > > http://cxf.apache.org/schemas/core.xsd > > http://www.springframework.org/schema/beans > > > http://www.springframework.org/schema/beans/spring-beans-2.0.xsd > > http://cxf.apache.org/jaxws > > http://cxf.apache.org/schemas/jaxws.xsd";> > > > > <!-- > > <jaxws:client name=" MyWebServicePort" createdFromAPI="true"> > > <jaxws:inInterceptors> > > <ref bean="TimestampSignEncrypt_Response"/> > > <ref bean="logInbound" /> > > </jaxws:inInterceptors> > > <jaxws:outInterceptors> > > <ref bean="TimestampSignEncrypt_Request"/> > > <ref bean="logOutbound" /> > > </jaxws:outInterceptors> > > </jaxws:client> > > --> > > > > <cxf:bus> > > <cxf:outInterceptors> > > <ref bean="ClientRequest_Interceptor"/> > > <ref bean="logOutbound" /> > > </cxf:outInterceptors> > > <cxf:inInterceptors> > > <ref bean="ServerResponse_Interceptor"/> > > <ref bean="logInbound" /> > > </cxf:inInterceptors> > > </cxf:bus> > > > > <bean id="logInbound" > > class="org.apache.cxf.interceptor.LoggingInInterceptor"/> > > <bean id="logOutbound" > > class="org.apache.cxf.interceptor.LoggingOutInterceptor"/> > > <bean > > class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor" > > id="ClientRequest_Interceptor"> > > <constructor-arg> > > <map> > > <entry key="action" value="Timestamp Signature"/> > > <entry key="user" value="client1alias"/> > > <entry key="signaturePropFile" > > value="clientKeystore.properties"/> > > <entry key="signatureKeyIdentifier" > > value="DirectReference"/> > > <entry key="passwordCallbackClass" > > value="com.akimeka.ws.testclient.clientsample.ClientKeystorePasswordCa > > ll > > back"/> > > <entry key="signatureAlgorithm" > > value="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> > > <entry key="signatureParts" > > value="{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;{Eleme > > nt > > }{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-u > > ti > > lity-1.0.xsd}Timestamp"/> > > > > </map> > > </constructor-arg> > > </bean> > > <bean > > class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor" > > id="ServerResponse_Interceptor"> > > <constructor-arg> > > <map> > > <entry key="action" value="Timestamp Signature > > Encrypt"/> > > <entry key="signaturePropFile" > > value="clientKeystore.properties"/> > > <entry key="decryptionPropFile" > > value="clientKeystore.properties"/> > > <entry key="passwordCallbackClass" > > value="com.akimeka.ws.testclient.clientsample.ClientKeystorePasswordCa > > ll > > back"/> > > <entry key="encryptionKeyTransportAlgorithm" > > value="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/> > > <entry key="signatureAlgorithm" > > value="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> > > </map> > > </constructor-arg> > > </bean> > > </beans> > > > > > > ---------------------------------------------------------------------- > > -- > > ---------- > > The server has a jbossws-cxf.xml file and is configured like this: > > ---------------------------------------------------------------------- > > -- > > ---------- > > <beans > > xmlns='http://www.springframework.org/schema/beans' > > xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' > > xmlns:beans='http://www.springframework.org/schema/beans' > > xmlns:jaxws='http://cxf.apache.org/jaxws' > > xsi:schemaLocation='http://cxf.apache.org/core > > http://cxf.apache.org/schemas/core.xsd > > http://www.springframework.org/schema/beans > > http://www.springframework.org/schema/beans/spring-beans-2.0.xsd > > http://cxf.apache.org/jaxws > > http://cxf.apache.org/schemas/jaxws.xsd'> > > > > > > <bean id="Sign_Request" > > class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"> > > <constructor-arg> > > <map> > > <entry key="action" value="Timestamp Signature"/> > > <entry key="signaturePropFile" value="security.properties"/> > > <entry key="decryptionPropFile" value="security.properties"/> > > <entry key="passwordCallbackClass" > > value="com.akimeka.ws.common.KeystorePasswordCallback"/> > > </map> > > </constructor-arg> > > </bean> > > > > > > <bean id="Sign_Response" > > class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"> > > <constructor-arg> > > <map> > > <entry key="action" value="Timestamp Signature Encrypt"/> > > <entry key="user" value="server.akimeka.com"/> > > <entry key="signaturePropFile" value="security.properties"/> > > <entry key="encryptionPropFile" value="security.properties"/> > > <entry key="encryptionUser" value="useReqSigCert"/> > > <!-- <entry key="encryptionUser" value="client1.akimeka.com" > > /> > > --> > > <entry key="signatureKeyIdentifier" value="DirectReference"/> > > <!-- <entry key="encryptionKeyIdentifier" > > value="DirectReference" /> --> > > <entry key="passwordCallbackClass" > > value="com.akimeka.ws.common.KeystorePasswordCallback"/> > > <entry key="signatureParts" > > value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-w > > ss > > -wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap > > .o > > rg/soap/envelope/}Body"/> > > <entry key="encryptionParts" > > value="{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body"/> > > <entry key="encryptionKeyTransportAlgorithm" > > value="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/> > > <entry key="encryptionSymAlgorithm" > > value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/> > > <entry key="signatureAlgorithm" > > value="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> > > </map> > > </constructor-arg> > > </bean> > > > > <jaxws:endpoint > > id='CipService' > > address='http://@jboss.bind.address@:8080/ws-cip' > > implementor='com.akimeka.cip.ws.CipService'> > > <jaxws:invoker> > > <bean class='org.jboss.wsf.stack.cxf.InvokerJSE'/> > > </jaxws:invoker> > > > > <jaxws:inInterceptors> > > <bean > > class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"/> > > <ref bean="Sign_Request"/> > > </jaxws:inInterceptors> > > > > <jaxws:outInterceptors> > > <bean > > class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor"/> > > <ref bean="Sign_Response"/> > > </jaxws:outInterceptors> > > > > </jaxws:endpoint> > > </beans> > > ---------------------------------------------------------------------- > > -- > > ------------------------------- > > > > And, so the server sees the incoming message here... > > > > -------------------------------------- > > 16:43:36,935 INFO [org.apache.cxf.interceptor.LoggingInInterceptor] > > Inbound Message > > ---------------------------- > > ID: 16 > > Address: /ws-cip/CipService > > Encoding: UTF-8 > > Content-Type: text/xml; charset=UTF-8 > > Headers: {cache-control=[no-cache], content-type=[text/xml; > > charset=UTF-8], connection=[keep-alive], > > host=[msat-ah-01.akimeka.com:8080], Content-Length=[3496], > > SOAPAction=[""], user-agent=[Apache CXF 2.3.1-patch-01], > > Content-Type=[text/xml; charset=UTF-8], Accept=[*/*], > > pragma=[no-cache]} > > Payload: <soap:Envelope > > xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";><soap:Header><w > > ss > > e:Security > > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-ws > > se curity-secext-1.0.xsd" > > soap:mustUnderstand="1"><wsse:BinarySecurityToken > > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-ws > > se > > curity-secext-1.0.xsd" > > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wss > > ec > > urity-utility-1.0.xsd" > > EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss- > > so > > ap-message-security-1.0#Base64Binary" > > ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x50 > > 9- > > token-profile-1.0#X509v3" > > wsu:Id="CertId-8FE55E1C1DB8D8548C13666670167941">MIIBozCCAQygAwIBAgIEU > > XV > > eiTANBgkqhkiG9w0BAQUFADAWMRQwEgYDVQQDEwtjbGllbnQxdXNlcjAeFw0xMzA0MjIxN > > jA > > wMDlaFw0xNTA0MjIxNjAwMDlaMBYxFDASBgNVBAMTC2NsaWVudDF1c2VyMIGfMA0GCSqGS > > Ib > > 3DQEBAQUAA4GNADCBiQKBgQCd4AXM4VgvaScl6kdJVyaej50gr08XXSOntVki80znasD1t > > jE > > +TwUBBIjMzWUtLN+vWO211cbggaNP8mLZ2Tti3mEY0sS4ixZHLZz41/mLHU4YcQEFFZ5p6 > > +TwUBBIjMzWUtLN+1W > > p1L3C37gQ7pm37SfKerwlrM4HnxSY6y7MinJSfQ0iDYaMu+XizQIDAQABMA0GCSqGSIb3D > > p1L3C37gQ7pm37SfKerwlrM4HnxSY6y7MinJSfQ0iDYaMu+QE > > BBQUAA4GBACiZwyRmSfjcjZDrIRe1A4PPHp+fMNHVssnvtOSaVEKjDRPeS1uXM7RLFUIvj > > BBQUAA4GBACiZwyRmSfjcjZDrIRe1A4PPHp+EO > > sbiSGMWSswFj/M61dRwNQreUxK737EpX8yko0gzKG+mH9bZZnEzroX5BROxa1luUTDmK2d > > Ug > > oPmLIwZI8gB8rJL6W3F3I6zfHwqHGbW6Xqt+J</wsse:BinarySecurityToken><ds:Si > > oPmLIwZI8gB8rJL6W3F3I6zfHwqHGbW6Xqt+gn > > ature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; Id="Signature-2"> > > <ds:SignedInfo> <ds:CanonicalizationMethod > > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> > > <ds:SignatureMethod > > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; /> > > <ds:Reference URI="#id-3"> <ds:Transforms> <ds:Transform > > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> > > </ds:Transforms> <ds:DigestMethod > > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; /> > > <ds:DigestValue>Ki9mmuZ/IPEazLZiTmt1cqDq7pQ=</ds:DigestValue> > > </ds:Reference> > > <ds:Reference URI="#Timestamp-1"> > > <ds:Transforms> > > <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> > > </ds:Transforms> <ds:DigestMethod > > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; /> > > <ds:DigestValue>dc/iT6EKpqAL9crdJORImAfavcU=</ds:DigestValue> > > </ds:Reference> > > </ds:SignedInfo> > > <ds:SignatureValue> > > FmXE1n5OKy4PVtLkTeuycQf6d6gMl4fgIrucJw6Ms8OnFLs4jbN6PMbkKIkv3DogfYPzSr > > r6 > > Incd > > Gus2miH1Qb5dFOhRDUSTDBaMeROxCyfKtzpvhTezboS1lYTF1jgFlmih5Ly1pTEwK46XmB > > L4 > > KKeD > > Jjo5xjN6eqUAYgrcGjs= > > </ds:SignatureValue> > > <ds:KeyInfo Id="KeyId-8FE55E1C1DB8D8548C13666670168262"> > > <wsse:SecurityTokenReference > > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-ws > > se > > curity-secext-1.0.xsd" > > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wss > > ec > > urity-utility-1.0.xsd" > > wsu:Id="STRId-8FE55E1C1DB8D8548C13666670168263"><wsse:Reference > > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-ws > > se curity-secext-1.0.xsd" > > URI="#CertId-8FE55E1C1DB8D8548C13666670167941" > > ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x50 > > 9- token-profile-1.0#X509v3" /></wsse:SecurityTokenReference> > > </ds:KeyInfo> </ds:Signature><wsu:Timestamp > > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wss > > ec > > urity-utility-1.0.xsd" > > wsu:Id="Timestamp-1"><wsu:Created>2013-04-22T21:43:36.793Z</wsu:Create > > d> > > <wsu:Expires>2013-04-22T21:48:36.793Z</wsu:Expires></wsu:Timestamp></w > > ss > > e:Security></soap:Header><soap:Body > > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wss > > ec urity-utility-1.0.xsd" wsu:Id="id-3"><ns2:testWebService > > xmlns:ns2="http://akimeka.com";><arg0>Test > > String</arg0></ns2:testWebService></soap:Body></soap:Envelope> > > -------------------------------------- > > > > And then blows up with this stacktrace and sends back a fault: > > > > 16:43:36,935 WARN > > [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor] > > Security processing failed (actions mismatch) > > 16:43:36,935 WARN > > [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor] > > : org.apache.ws.security.WSSecurityException: An error was discovered > > processing the <wsse:Security> header > > at > > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.checkActions(WSS4J > > In > > Interceptor.java:294) [:2.3.1-patch-01] > > at > > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4 > > JI > > nInterceptor.java:234) [:2.3.1-patch-01] > > at > > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4 > > JI > > nInterceptor.java:81) [:2.3.1-patch-01] > > at > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseIntercepto > > rC > > hain.java:255) [:2.3.1-patch-01] > > at > > org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitia > > ti > > onObserver.java:113) [:2.3.1-patch-01] > > at > > org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDest > > in > > ation.java:97) [:2.3.1-patch-01] > > at > > org.apache.cxf.transport.servlet.ServletController.invokeDestination(S > > er > > vletController.java:461) [:2.3.1-patch-01] > > at > > org.jboss.wsf.stack.cxf.ServletControllerExt.invoke(ServletControllerE > > xt > > .java:172) [:3.4.1.GA] > > at > > org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHa > > nd > > lerImpl.java:57) [:3.4.1.GA] > > at > > org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(Ser > > vl > > etHelper.java:156) [:3.4.1.GA] > > at > > org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:90) > > [:3.4.1.GA] > > at > > org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(Abs > > tr > > actHTTPServlet.java:179) [:2.3.1-patch-01] > > at > > org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHT > > TP > > Servlet.java:103) [:2.3.1-patch-01] > > at > > javax.servlet.http.HttpServlet.service(HttpServlet.java:754) > > [:1.0.0.Final] > > at > > org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractH > > TT > > PServlet.java:159) [:2.3.1-patch-01] > > at > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli > > ca > > tionFilterChain.java:324) [:6.1.0.Final] > > at > > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi > > lt > > erChain.java:242) [:6.1.0.Final] > > at > > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperVa > > lv > > e.java:275) [:6.1.0.Final] > > at > > org.apache.catalina.core.StandardContextValve.invoke(StandardContextVa > > lv > > e.java:161) [:6.1.0.Final] > > at > > org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(Security > > As > > sociationValve.java:181) [:6.1.0.Final] > > at > > org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authenticat > > or > > Base.java:501) [:6.1.0.Final] > > at > > org.jboss.modcluster.catalina.CatalinaContext$RequestListenerValve.eve > > nt > > (CatalinaContext.java:285) [:1.1.0.Final] > > at > > org.jboss.modcluster.catalina.CatalinaContext$RequestListenerValve.inv > > ok > > e(CatalinaContext.java:261) [:1.1.0.Final] > > at > > org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve > > .j > > ava:88) [:6.1.0.Final] > > at > > org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke > > (S > > ecurityContextEstablishmentValve.java:100) [:6.1.0.Final] > > at > > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.ja > > va > > :159) [:6.1.0.Final] > > at > > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.ja > > va > > :102) [:6.1.0.Final] > > at > > org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedCo > > nn > > ectionValve.java:158) [:6.1.0.Final] > > at > > > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve. > > java:109) [:6.1.0.Final] > > at > > org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.i > > nv > > oke(ActiveRequestResponseCacheValve.java:53) [:6.1.0.Final] > > at > > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java > > :3 > > 62) [:6.1.0.Final] > > at > > org.apache.coyote.http11.Http11Processor.process(Http11Processor.java: > > 87 > > 7) [:6.1.0.Final] > > at > > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.proces > > s( > > Http11Protocol.java:654) [:6.1.0.Final] > > at > > org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:951 > > ) > > [:6.1.0.Final] > > at java.lang.Thread.run(Thread.java:662) [:1.6.0_35] > > > > 16:43:36,936 WARN [org.apache.cxf.phase.PhaseInterceptorChain] > > Interceptor for {http://akimeka.com}TMDS_CIP_Web_Service has thrown > > exception, unwinding now: org.apache.cxf.binding.soap.SoapFault: An > > error was discovered processing the <wsse:Security> header > > at > > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WS > > S4 > > JInInterceptor.java:654) [:2.3.1-patch-01] > > at > > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4 > > JI > > nInterceptor.java:275) [:2.3.1-patch-01] > > at > > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4 > > JI > > nInterceptor.java:81) [:2.3.1-patch-01] > > at > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseIntercepto > > rC > > hain.java:255) [:2.3.1-patch-01] > > at > > org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitia > > ti > > onObserver.java:113) [:2.3.1-patch-01] > > at > > org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDest > > in > > ation.java:97) [:2.3.1-patch-01] > > at > > org.apache.cxf.transport.servlet.ServletController.invokeDestination(S > > er > > vletController.java:461) [:2.3.1-patch-01] > > at > > org.jboss.wsf.stack.cxf.ServletControllerExt.invoke(ServletControllerE > > xt > > .java:172) [:3.4.1.GA] > > at > > org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHa > > nd > > lerImpl.java:57) [:3.4.1.GA] > > at > > org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(Ser > > vl > > etHelper.java:156) [:3.4.1.GA] > > at > > org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:90) > > [:3.4.1.GA] > > at > > org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(Abs > > tr > > actHTTPServlet.java:179) [:2.3.1-patch-01] > > at > > org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHT > > TP > > Servlet.java:103) [:2.3.1-patch-01] > > at > > javax.servlet.http.HttpServlet.service(HttpServlet.java:754) > > [:1.0.0.Final] > > at > > org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractH > > TT > > PServlet.java:159) [:2.3.1-patch-01] > > at > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli > > ca > > tionFilterChain.java:324) [:6.1.0.Final] > > at > > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi > > lt > > erChain.java:242) [:6.1.0.Final] > > at > > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperVa > > lv > > e.java:275) [:6.1.0.Final] > > at > > org.apache.catalina.core.StandardContextValve.invoke(StandardContextVa > > lv > > e.java:161) [:6.1.0.Final] > > at > > org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(Security > > As > > sociationValve.java:181) [:6.1.0.Final] > > at > > org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authenticat > > or > > Base.java:501) [:6.1.0.Final] > > at > > org.jboss.modcluster.catalina.CatalinaContext$RequestListenerValve.eve > > nt > > (CatalinaContext.java:285) [:1.1.0.Final] > > at > > org.jboss.modcluster.catalina.CatalinaContext$RequestListenerValve.inv > > ok > > e(CatalinaContext.java:261) [:1.1.0.Final] > > at > > org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve > > .j > > ava:88) [:6.1.0.Final] > > at > > org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke > > (S > > ecurityContextEstablishmentValve.java:100) [:6.1.0.Final] > > at > > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.ja > > va > > :159) [:6.1.0.Final] > > at > > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.ja > > va > > :102) [:6.1.0.Final] > > at > > org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedCo > > nn > > ectionValve.java:158) [:6.1.0.Final] > > at > > > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve. > > java:109) [:6.1.0.Final] > > at > > org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.i > > nv > > oke(ActiveRequestResponseCacheValve.java:53) [:6.1.0.Final] > > at > > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java > > :3 > > 62) [:6.1.0.Final] > > at > > org.apache.coyote.http11.Http11Processor.process(Http11Processor.java: > > 87 > > 7) [:6.1.0.Final] > > at > > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.proces > > s( > > Http11Protocol.java:654) [:6.1.0.Final] > > at > > org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:951 > > ) > > [:6.1.0.Final] > > at java.lang.Thread.run(Thread.java:662) [:1.6.0_35] Caused > > by: org.apache.ws.security.WSSecurityException: An error was > > discovered processing the <wsse:Security> header > > at > > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.checkActions(WSS4J > > In > > Interceptor.java:294) [:2.3.1-patch-01] > > at > > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4 > > JI > > nInterceptor.java:234) [:2.3.1-patch-01] > > ... 33 more > > > > > > ---------------------------------------------------------------------- > > -- > > ------------------------------------------- > > > > So, the client actions for the request are "Timestamp Signature" and > > the server inInterceptor actions match that. > > > > What am I failing to understand about this? Is there a simple > > explanation anywhere of what it means to specify a list of actions on > > a web service incoming interceptor EXACTLY what is required fo on the > > client end to match up, including details about specific parts that > > have to be signed? > > > > > > > > > > > > > > > > > > > > NOTICE: This transmission (including all attachments) is company > > confidential, is intended only for the individual or entity named > > above, and is likely to contain privileged, proprietary and > > confidential information that is exempt from disclosure requests under > applicable law. > > If you are not the intended recipient, you are hereby notified that > > any disclosure, copying, distribution, use of or reliance upon any of > > the information contained in this transmission is strictly prohibited. > > > Any inadvertent or unauthorized disclosure shall not compromise or > > waive the confidentiality of this transmission. If you have received > > this transmission in error, please forward this message immediately to > > > [email protected] <mailto:[email protected]> and delete or > > otherwise remove this email from your system. Thank you > > > > > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
